Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/sUW9w9D3anruSGMtpmnMk-MFiAg.roa
File:                     sUW9w9D3anruSGMtpmnMk-MFiAg.roa (raw, json)
Hash identifier:          2xpvnut4ZRq32uTM1u0ZFPDn0n3rOrjOit8Wfz/AHNQ=
Subject key identifier:   B1:45:BD:C3:D0:F7:6A:7A:EE:48:63:2D:A6:69:CC:93:E3:05:88:08
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       018CC64A814D19EEBA8771D07388902E3179
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/sUW9w9D3anruSGMtpmnMk-MFiAg.roa
Signing time:             Mon 01 Jan 2024 18:30:20 +0000
ROA not before:           Mon 01 Jan 2024 18:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200215
IP address blocks:        178.170.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 04:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:81:4d:19:ee:ba:87:71:d0:73:88:90:2e:31:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 18:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b145bdc3d0f76a7aee48632da669cc93e3058808
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d6:e5:0c:fb:51:df:22:8c:4b:b5:3e:6a:47:
                    c6:94:a5:c2:23:69:83:a1:13:08:68:22:d4:3b:f8:
                    2d:bc:c2:c0:cb:a4:1b:b2:7d:58:95:05:a7:7f:f3:
                    ec:f7:ed:1f:e1:10:5d:72:ee:15:f9:74:fd:b8:6e:
                    0b:3a:cc:ea:6f:b7:eb:5e:01:50:15:c6:6b:13:92:
                    d1:f8:77:96:27:32:3d:e0:b9:20:a0:bd:51:8d:a5:
                    fd:68:bd:c3:8e:e2:27:96:83:b3:3c:7b:3d:24:e2:
                    51:03:e5:ec:fb:08:4c:6a:2f:ce:2b:0c:6c:f6:b8:
                    09:70:31:85:d0:c4:7c:59:d9:1c:92:e1:92:77:75:
                    a7:a5:42:d4:a9:9d:76:c2:ed:7e:78:87:49:77:c4:
                    13:ea:59:df:a1:e5:4f:8c:c2:f4:d1:50:fe:e3:a5:
                    8a:f3:b0:18:27:22:90:83:d8:7b:6e:c1:c5:26:49:
                    63:97:a7:26:bd:28:5a:e2:c6:80:dc:43:bf:0a:f0:
                    31:50:20:09:02:da:3b:b6:9a:82:5f:e7:9c:38:db:
                    94:8b:fb:a0:16:93:41:72:2f:18:95:e2:82:39:2e:
                    f2:6e:b5:5c:b0:99:9d:c8:89:49:4e:f3:63:01:d1:
                    60:ee:07:00:b3:10:89:c7:78:07:be:f4:a7:25:e5:
                    2e:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:45:BD:C3:D0:F7:6A:7A:EE:48:63:2D:A6:69:CC:93:E3:05:88:08
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/sUW9w9D3anruSGMtpmnMk-MFiAg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.170.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:29:64:48:2a:dd:df:e3:cc:30:2c:31:3f:b4:09:2e:96:f3:
         06:56:7c:77:23:8f:e0:a6:1e:91:db:cd:01:06:84:7b:5e:ec:
         57:96:da:a2:46:d8:11:c6:bb:a6:dc:54:16:42:eb:5b:ad:78:
         0b:f9:fe:59:7a:a9:fe:19:47:b9:ab:9c:09:64:dc:9b:de:ea:
         f9:8a:e7:56:31:65:21:35:e2:eb:d4:2a:d1:75:65:c9:b6:f0:
         0f:60:56:14:33:5a:29:64:ed:e9:93:3f:85:f7:48:82:40:44:
         3f:60:7e:75:7c:39:53:7b:c9:09:12:79:56:a8:9f:24:a3:67:
         42:6a:b4:af:92:ff:f2:3d:46:98:e4:fe:fd:00:19:4b:cb:4b:
         ef:b8:11:cd:f4:85:8f:8c:cf:6a:4a:51:b4:e9:15:23:80:9e:
         59:82:71:f1:b7:35:1b:9c:06:72:14:3d:7a:a3:6c:90:44:85:
         1e:68:06:cc:f0:54:e5:8f:d1:e6:b3:cd:b0:b9:0c:9d:e3:b3:
         b5:16:cc:ce:51:03:b8:04:67:4e:df:e0:1d:82:6c:14:1a:38:
         1b:81:99:25:cf:f8:4f:0c:23:6c:c1:c9:83:c3:cc:66:d0:f0:
         17:04:9a:31:37:16:fd:1e:f0:75:50:f6:51:7e:07:35:09:a9:
         74:86:56:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSoFNGe66h3HQc4iQLjF5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjQwMTAxMTgzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTQ1YmRjM2QwZjc2YTdhZWU0ODYzMmRhNjY5Y2M5M2UzMDU4ODA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstblDPtR3yKMS7U+akfGlKXCI2mD
oRMIaCLUO/gtvMLAy6Qbsn1YlQWnf/Ps9+0f4RBdcu4V+XT9uG4LOszqb7frXgFQ
FcZrE5LR+HeWJzI94LkgoL1RjaX9aL3DjuInloOzPHs9JOJRA+Xs+whMai/OKwxs
9rgJcDGF0MR8WdkckuGSd3WnpULUqZ12wu1+eIdJd8QT6lnfoeVPjML00VD+46WK
87AYJyKQg9h7bsHFJkljl6cmvSha4saA3EO/CvAxUCAJAto7tpqCX+ecONuUi/ug
FpNBci8YleKCOS7ybrVcsJmdyIlJTvNjAdFg7gcAsxCJx3gHvvSnJeUuWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLFFvcPQ92p67khjLaZpzJPjBYgIMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvc1VXOXc5RDNhbnJ1U0dNdHBtbk1rLU1GaUFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsqrnMA0G
CSqGSIb3DQEBCwUAA4IBAQC/KWRIKt3f48wwLDE/tAkulvMGVnx3I4/gph6R280B
BoR7XuxXltqiRtgRxrum3FQWQutbrXgL+f5Zeqn+GUe5q5wJZNyb3ur5iudWMWUh
NeLr1CrRdWXJtvAPYFYUM1opZO3pkz+F90iCQEQ/YH51fDlTe8kJEnlWqJ8ko2dC
arSvkv/yPUaY5P79ABlLy0vvuBHN9IWPjM9qSlG06RUjgJ5ZgnHxtzUbnAZyFD16
o2yQRIUeaAbM8FTlj9Hms82wuQyd47O1FszOUQO4BGdO3+AdgmwUGjgbgZklz/hP
DCNswcmDw8xm0PAXBJoxNxb9HvB1UPZRfgc1Cal0hlbM
-----END CERTIFICATE-----